Users of my application use SSO to sign in and a link to their profile picture from their identity provider can then be seen in Auth0 Raw JSON → picture.
Links go to lh3.googleusercontent.com, graph.facebook.com, gravatar.com etc.
In my application, users can interact with one another, and I’d like to display their profile pictures as part of these interactions.
What is the best practice for doing this?
Is there a built-in way in Auth0 to handle this?
First idea was to use links directly: As I understand, it is not OK because of privacy reasons to use those external picture links directly in my client application.
Second idea was to copy images to my own server: As I understand, these login providers have it in their terms that you are supposed to always show current info - so if I store the profile images on my server, and then a user changes their profile image with their provider, I might be in “violation” of that.